LinuxCommandLibrary

exo-iam

Manage Exoscale IAM resources

TLDR

List all of the IAM roles

$ exo iam role list
copy

Create a new API key
$ exo iam api-key create [api_key_name] [iam_role_name]
copy

Create a new IAM role
$ cat [path/to/policy.json] | exo iam role create [iam_role_name] --editable --policy -
copy

Show the policy of an existing IAM role
$ exo iam role show [iam_role_name] --policy [[-O|--output-format]] [json] | jq .
copy

Update the default Organization policy (the default Organization policy will be applied to all of the API keys within the Organization)
$ cat [path/to/policy.json] | exo iam org-policy update -
copy

SYNOPSIS

exo-iam <command> [options] [arguments]

PARAMETERS

--help
    Show help for exo-iam or a specific subcommand

--debug
    Enable debug logging for troubleshooting

--output, -o {json|table}
    Set output format: JSON or human-readable table

--zone
    Specify Exoscale zone (e.g., ch-dk-2)

organization list
    List IAM organizations

organization-user create
    Invite user to organization

role list
    List available roles

policy attach
    Attach policy to principal

DESCRIPTION

The exo-iam command is part of the Exoscale CLI suite, designed to manage Identity and Access Management (IAM) resources on the Exoscale cloud platform.

It provides a powerful interface for handling organizations, users, roles, and policies within Exoscale's IAM system. Users can list, create, update, or delete IAM entities, assign roles, and manage permissions programmatically.

Key features include support for organization-level IAM, user invitations, role assignments, and policy CRUD operations. It authenticates via API keys and integrates seamlessly with other exo commands for comprehensive cloud management.

Ideal for DevOps workflows, automation scripts, and infrastructure as code setups using tools like Terraform or Ansible. Requires Exoscale account credentials configured via exo config. Outputs in JSON or table format for easy parsing.

Common use cases: onboarding users to organizations, enforcing least-privilege access, auditing permissions, and scaling team access controls.

CAVEATS

Requires valid Exoscale API keys; rate-limited by platform quotas.
Not for production without error handling in scripts.

AUTHENTICATION

Set EXOSCALE_API_KEY and EXOSCALE_API_SECRET env vars or use exo account login.

SUBCOMMANDS

Run exo-iam --help for full list; supports tab-completion with bash/zsh.

HISTORY

Introduced in Exoscale CLI v2.6.0 (2022) as part of IAM beta.
GA in v2.8.0 with full CRUD support; evolved from legacy project-user commands.

SEE ALSO

exo(1), aws(1), gcloud(1)

Copied to clipboard